The royalty-free image site “123RF.com” is sending out notifications of a breach to its users after a huge database containing 8,500,246 user records belonging to the platform has appeared on a Russian-speaking dark web forum. The 3GB SQL database was exfiltrated by the actors at an unknown and still unconfirmed time, but the entries range from 2006 to March 2020, so it must be around that time. 123RF only got to see samples of that data, and it appears to be valid.
The type of data that is included in the records are:
The risks of having the above exposed include falling victim to phishing attacks, scamming, identity theft, spamming, credential stuffing, and vulnerability exploitation. Unfortunately, there’s too much to be found in the database, which makes us wonder why a royalty-free website would need all this user information in the first place.
If you have created an account in 123RF, you should immediately reset your passwords on the associated platforms (PayPal, Facebook) and also enable two-factor authentication. Ideally, you should use a different phone number than the one exposed in this security incident to eliminate the chances of being targeted by SIM swappers.
123RF believes that the 2020 entries are fake to make the data appear more recent and thus more valuable. They think that the database is actually one year old, but this isn’t very reassuring anyway.
Victims may have already received phishing emails and SMS or approached by strangers who know stuff about them on Facebook. Beware of these possibilities, as the latter is particularly nasty. Someone can set up a Facebook account using a name that is familiar to you, so don’t jump to conclusions. Instead, scrutinize new friend requests and incoming communications.